How Syrian rebel fighters fell for 'honey trap' hackers
The scene is something out of a hacker flick: Unsuspecting victim divulges key information while chatting online with a beautiful woman, who turns out to be the enemy in disguise.
That鈥檚 exactly how it played out for rebel fighters in the midst of the Syrian civil war, released this month by FireEye, a California-based computer security firm. Between at least November 2013 and January 2014, the report found, pro-government hackers stole hundreds of documents and thousands of Skype conversations containing battle plans, supply route details, and personal information from opposition forces in and around Syria.
Their method: the old 'honey trap' ruse.
A hacker, using a fake Skype or Facebook profile, would strike up a conversation with a target and invite him to swap photos. The hacker鈥檚 photo, invariably that of an attractive woman, would contain malware that once downloaded by the target would copy chat logs, tactical strategies, and contact details from the target鈥檚 device, according to FireEye's research.
Like bees to honey, young Syrian fighters chatted up these hackers, unwittingly giving up valuable personal and military information.
The report is the latest indication that is being fought as furiously online as it is on the ground. It also paints a picture of the future of cyber warfare.
Since the war broke out in 2011 between President Bashar al-Assad鈥檚 government and opposition forces, both sides have engaged in cyber attacks. In some cases, it was propaganda: The pro-Assad group Syrian Electronic Army has repeatedly struck Western media outlets critical of Mr. Assad and his regime, and pushed pro-government messages on social media.
Other cyber attacks were more sophisticated. A 鈥 part of the stockpile taken by former NSA employee Edward Snowden 鈥 describes how the agency intercepted and placed electronic 鈥渂eacon implants鈥 into a shipment of computers and other devices bound for Syria, . 聽
鈥淭o the delight of American intelligence agencies, they soon discovered they had access to the country鈥檚 cellphone network 鈥 enabling American officials to figure out who was calling whom, and from where,鈥 the Times reported.
The identities of the hackers behind the operation that FireEye discovered remain a mystery. But the firm鈥檚 representatives said that research revealed multiple references to Lebanon.
鈥淲hile we cannot positively identify who is behind these attacks, we know that they used social media to infiltrate victims鈥 machines and steal military information,鈥 Nart Villeneuve, senior threat intelligence researcher at FireEye, .
鈥淚n the course of our threat research, we found the activity focused on the Syrian opposition that shows another innovative way threat groups have found to gain the advantage they seek,鈥 he wrote.
The nature of cyber warfare is evolving, 聽but just how imminently lethal it may become is open to debate. that canvassed more than 1,000 technology and security experts saw a 60-40 split in the number of respondents who believed a major cyber attack causing widespread harm would occur by 2025.
The majority who predicted a big attack said that not only is security a secondary concern in most Internet application designs, but cyber battles are already happening.
鈥淭丑别 US government鈥檚 series of cyber attacks on citizens, economic entities, and governments around the world has already done this,鈥 Judith Perrolle, a professor at Northeastern University in Boston, told Pew. 鈥淧eople have died from faulty equipment producing gas pipeline explosions and from drone bombings of civilians. US companies have lost billions worth of business as foreign customers no longer trust their products and services.鈥
鈥淥ur current systems are incredibly vulnerable, by design," she added.
Others were more optimistic, saying that steady progress in security fixes and the threat of retaliation would both work to keep the balance.
鈥淥bviously there will be some theft and perhaps someone can exaggerate it to claim tens of billions in losses,鈥 principal Microsoft researcher Jonathan Grudin said, 鈥渂ut I don鈥檛 expect anything dramatic and certainly don鈥檛 want to live in fear of it.鈥
